Spanning Tree
L2 Loops Switch (Bridge) loops can occur any time there is a redundant path or loop in the bridge network. The switches will flip flop the MAC address table entries (creating extremely high CPU utilization). Unicasts, unknown unicasts and broadcasts are all problems.
Two-key STP Concepts STP calculations make extensive use of two key concepts in creating a loop-free topology: Bridge ID Path Cost Link Speed Cost (Revised IEEE Spec) Cost (Previous IEEE Spec) 10 Gbps 2 1 1 Gbps 4 100 Mbps 19 10 10 Mbps 100
Five-Step STP Decision Sequence When creating a loop-free topology, STP always uses the same five-step decision sequence: Five-Step decision Sequence Step 1 - Lowest BID Step 2 - Lowest Path Cost to Root Bridge Step 3 - Lowest Sender BID Step 4 – Lowest Port Priority Step 5 - Lowest Port ID Bridges use Configuration BPDUs during this five-step process. We will assume all BPDUs are configuration BPDUs
Elect one Root Bridge Lowest BID wins! Who wins?
Elect one Root Bridge Lowest BID wins! My BID is 32768.0001.C945.A573 Who wins? My BID is 32768.0005.5E0D.9315 My BID is 32768.0060.47B0.5850 My BID is 32768.0001.964E.7EBB I win! My BID is 32768.0003.E461.46EC Root Bridge
Elect Root Ports I will select one Root Port that is closest, best path to the root bridge. STP Convergence Step 1 Elect one Root Bridge Step 2 Elect Root Ports Step 3 Elect Designated Ports Next, each switch determines its Root Port: It’s port closest to the Root Bridge Bridges use the cost to determine closeness. Every non-Root Bridge will select one Root Port! Specifically, bridges track the Root Path Cost, the cumulative cost of all links to the Root Bridge.
Root Bridge, Access2 sends out BPDUs, containing a Root Path Cost of 0. Switches receive these BPDUs and adds the Path Cost of the FastEthernet interface to the Root Path Cost contained in the BPDU. This value is used internally and used in BPDUs to other switches. Path Cost BPDU Cost=0+19=19 BPDU Cost=0+19=19 19 19 19 BPDU Cost=0 BPDU Cost=0+19=19 Root Bridge
Switches now send BPDUs with their Root Path Cost out other interfaces. Switches receive BPDU and add their path cost. Path Cost BPDU Cost=4+19=23 BPDU Cost=4+19=23 19 19 BPDU Cost=19 BPDU Cost=19 19 Root Bridge
Root Bridge This process continues… 19 19 19 BPDU BPDU Cost=4+19=23 19 Root Bridge
Root Bridge This process continues… Path Cost 19 23 23 19 19 19 BPDU 19 19 Root Bridge BPDU Cost=4+19=23
Root Bridge Final Results Ports show BPDU Received Root Path Cost + Path Cost = Root Path Cost of Interface, after the “best” BPDU is received on that port from the neighboring switch. This is the cost of reaching the Root Bridge from this interface towards the neighboring switch. Now let’s see how this is used! Path Cost 19+4=23 19+4=23 23+4=27 23+4=27 19+19=38 19+19=38 19 19+4=23 19 19+4=23 19+4=23 19+4=23 19 Root Bridge
Next: Elect Root Ports Elect Designated Ports Non-Designated Ports: All other ports Elect Root Ports Every non-Root bridge must select one Root Port. A bridge’s Root Port is the port closest to the Root Bridge. Bridges use the cost to determine closeness. These values would be the Root Path Cost if this interface was used to reach the Root Bridge. Path Cost 23 23 27 27 38 38 23 19 19 23 23 23 19 Root Bridge
Elect Root Ports: (Review) Ports show Root Path Cost of Interface, after the “best” BPDU is received on that port from the neighboring switch. This is the cost of reaching the Root Bridge from this interface towards the neighboring switch. Distribution 1 “thought process” Path Cost If I go through Core it costs 27. If I go through D2 it costs 38. If I go through A1 it costs 23. If I go through A2 it costs 19. This is the best path to the Root!
? ? Root Bridge Elect Root Ports Every non-Root bridge must select one Root Port. A bridge’s Root Port is the port closest to the Root Bridge. Bridges use the Root Path Cost to determine closeness. ? ? 23 23 27 27 38 38 23 19 19 RP 23 RP 23 23 19 RP Root Bridge
Elect Root Ports Core switch has two equal Root Path Costs to the Root Bridge. Five-step decision process. Dist 1 switch has a lower Sender BID than Dist 2. Core chooses the Root Port of G 0/1. Five-Step decision Sequence Step 1 - Lowest BID Step 2 - Lowest Path Cost to Root Bridge Step 3 - Lowest Sender BID Step 4 - Lowest Port Priority Step 5 - Lowest Port ID ? ? RP 23 My BID is 32768.0005.5E0D.9315 23 My BID is 32768.0060.47B0.5850 Lower BID 27 27 38 38 23 19 19 RP 23 RP 23 23 19 RP Root Bridge
Elect Designated Ports STP Convergence Step 1 Elect one Root Bridge Step 2 Elect Root Ports Step 3 Elect Designated Ports A Designated Port functions as the single bridge port that both sends and receives traffic to and from that segment and the Root Bridge. Each segment in a bridged network has one Designated Port, chosen based on cumulative Root Path Cost to the Root Bridge. The switch containing the Designated Port is referred to as the Designated Bridge for that segment. To locate Designated Ports, lets take a look at each segment. Segment’s perspective: From a device on this segment, “Which switch should I go through to reach the Root Bridge?”
A Designated Port is elected for every segment. Segment’s perspective: From a device on this segment, “Which switch should I go through to reach the Root Bridge?” “I’ll decide using the advertised Root Path Cost from each switch!” RP 23 23 ? ? 19 19 ? 19 19 19 19 ? ? 19 RP 19 RP ? ? 19 19 ? 19 RP Root Bridge
Because Access 2 has the lower Root Path Cost it becomes the Designated Port for that segment. RP 23 23 19 19 My designated port will be 0 via Access 2 (Fa0/5). It’s the best path, lowest Root Path, to the Root Bridge. What is my best path to the Root Bridge, 19 via Access 1 or 0 via Access 2? 19 19 19 19 19 RP 19 RP 19 19 ? 19 RP DP Root Bridge
Because Access 2 has the lower Root Path Cost it becomes the Designated Port for those segments. RP 23 23 19 19 19 19 19 19 ? RP 19 RP 19 ? 19 DP 19 DP 19 RP DP Root Bridge
Segment between Distribution 1 and Access 1 has two equal Root Path Costs of 19. Using the Lowest Sender ID (first two steps are equal), Access 1 becomes the best path and the Designated Port. Five-Step decision Sequence Step 1 - Lowest BID Step 2 - Lowest Path Cost to Root Bridge Step 3 - Lowest Sender BID Step 4 - Lowest Port Priority Step 5 - Lowest Port ID RP 23 23 32768.0005.5E0D.9315 What is my best path to the Root Bridge, 19 via Distribution 1 or 19 via Access 1? They are the same! Who has the lowest BID? 19 19 19 19 19 19 RP 19 RP 19 ? DP 19 DP 19 DP 32768.0003.E461.46EC 19 RP DP Root Bridge Lower BID
X X X X Root Bridge After this process is finished… All other ports, those ports that are not Root Ports or Designated Ports, become Non-Designated Ports. Non-Designated Ports are put in blocking mode. This is the loop prevention part of STP. RP 23 X 23 NDP DP 19 19 DP DP X NDP 19 19 X X NDP 19 19 RP NDP 19 RP 19 19 DP 19 DP DP 19 RP DP Root Bridge
show spanning-tree Path Cost Core# show spanning-tree VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address 0001.964E.7EBB Cost 4 Port 25(GigabitEthernet0/1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address 0001.C945.A573 Aging Time 20 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- -------------------------------- Gi0/1 Root FWD 4 128.25 P2p Gi0/2 Altn BLK 4 128.26 P2p
show spanning-tree detail Path Cost Core# show spanning-tree detail VLAN0001 is executing the ieee compatible Spanning Tree Protocol Bridge Identifier has priority of 32768, sysid 1, 0001.C945.A573 Configured hello time 2, max age 20, forward delay 15 Current root has priority 32769 Root port is 25 (GigabitEthernet0/1), cost of root path is 4 Topology change flag not set, detected flag not set Number of topology changes 0 last change occurred 00:00:00 ago from FastEthernet0/1 Times: hold 1, topology change 35, notification 2 hello 2, max age 20, forward delay 15 Timers: hello 0, topology change 0, notification 0, aging 300
STP Convergence: Summary Recall that switches go through three steps for their initial convergence: STP Convergence Step 1 Elect one Root Bridge Step 2 Elect Root Ports Step 3 Elect Designated Ports Also, all STP decisions are based on a the following predetermined sequence: Five-Step decision Sequence Step 1 - Lowest BID Step 2 - Lowest Path Cost to Root Bridge Step 3 - Lowest Sender BID Step 4 – Lowest Port Priority Step 5 - Lowest Port ID
Example 2- Spanning Tree Operation Elect a Root Bridge/Switch. Select a Root Port on each Bridge/Switch (except on the Root bridge/switch). Elect a Designated device/port on each network segment. Ports that are neither Root Port nor a Designated Port go into Blocking state. Refer to next 4 slides for additional detail on the process.
Example 2- Spanning Tree Operation – Cont. 1. Elect a Root Bridge/Switch. 1. Elect a Root Bridge/Switch - This is based on the lowest Bridge-ID (Bridge-ID is comprised of bridge/switch priority and lowest MAC address).
Example 2- Spanning Tree Operation – Cont. 2. Select a Root Port on each bridge/switch. 2. Select a Root Port on each Bridge/Switch (except on the Root bridge/switch). This is based on the least cost to Root. Ties are broken based on the lowest upstream Bridge-ID. Further ties are broken based on the lowest Port-ID. Note: A commonly misunderstood detail is that when using the upstream Bridge ID (BID) and Port ID (PID) to break ties when selecting a Root Port, it is the sender's BID and PID that are used to break the ties, not the receiver's.
Spanning Tree Operation – Cont. 3. Elect a Designated device/port on each network segment. 3. Elect a Designated device/port on each network segment. This is based on the least cost to Root. Ties are broken based on the lowest Bridge-ID. Further ties are broken based on the lowest Port-ID.
Spanning Tree Operation – Cont. 4. Place ports in Blocking state. 4. Ports that ended up as neither a Root Port nor a Designated Port go into Blocking state, and the Root Ports and Designated Ports go over Listening and Learning states, finally entering the Forwarding state.
Spanning Tree Operation – Cont. Sample output from the show spanning-tree vlan command. show spanning-tree [vlan vlan-id]: This command, without specifying any additional options, is useful if you want a quick overview of the status of the Spanning Tree Protocol for all VLANs that are defined on a switch. If you are interested in only a particular VLAN, you can limit the scope of this command by specifying the VLAN number as an option. The figure shows sample output from this command.
Spanning Tree Operation – Cont. Sample output from the show spanning-tree interface command. In the example, port 88 (TenGigabitEthernet9/1) is a root port and the upstream switch’s port is the Designated Port. This is also reflected by the fact that this switch is receiving BPDUs (it received 670 BPDUs), but not transmitting them (it sent 10 BPDUs during initial spanning tree convergence and stopped after that). You can also see that the upstream switch is the Root Bridge. This can be concluded from the fact that the Designated Bridge ID and the Root Bridge ID are the same. This is further confirmed by the fact that the designated path cost is reported as a cost of 0.
Spanning Tree Failures STP is a reliable but not an absolutely failproof protocol. If STP fails there are usually major negative consequences. With Spanning Tree, there are two different types of failures. Type 1 - STP may erroneously block certain ports that should have gone to the forwarding state. You may lose connectivity to certain parts of the network, but the rest of the network is unaffected. Type 2 - STP erroneously moves one or more ports to the Forwarding state. The failure is more disruptive as bridging loops and broadcast storms can occur.
Spanning Tree Failures – Cont. Type 2 failures can cause these symptoms. The load on all links in the switched LAN will quickly start increasing. Layer 3 switches and routers report control plane failures such as continual HSRP, OSPF and EIGRP state changes or that they are running at a very high CPU utilization load. Switches will experience very frequent MAC address table changes. With high link loads and CPU utilization devices typically become unreachable, making it difficult to diagnose the problem while it is in progress. Eliminate topological loops and troubleshoot issues. Physically disconnect links or shut down interfaces. Diagnose potential problems. A unidirectional link can cause STP problems. You may be able to identify and remove a faulty cable to correct the problem.
Spanning Tree Failures – Cont. Using the show etherchannel 1 detail command DSW2# show etherchannel 1 detail Group state = L2 Ports: 2 Maxports = 8 Port-channels: 1 Max Port-channels = 1 Protocol: - Minimum Links: 0 Ports in the group: ------------------- Port: Fa0/5 ------------ Port state = Up Cnt-bndl Suspend Not-in-Bndl Channel group = 1 Mode = On Gcchange = - Port-channel = null GC = - Pseudo port-channel = Po1 Port index = 0 Load = 0x00 Protocol = - Age of the port in the current state: 0d:00h:25m:13s Probable reason: vlan mask is different <output omitted> The output shown in the example indicates that the cause of the problem is the “VLAN mask”, which means that there must be a mismatch between the VLANs allowed on the port-channel versus the VLANs allowed on the physical interfaces.